VoicePlus Blog

'Tis the season for holiday phishing ...top 11 scams to watch out for

There's something about the 'joy and goodwill' of the holiday season that makes us more susceptible to getting scammed!

Here's a timely reminder of the top 11 phishing scams to watch out for this Christmas.

Scams are perpetrated all year round but in the holiday season, scammers have more success in duping us. Why? Because we are far more likely to be making multiple purchases online and therefore receiving copious emails of order confirmations, shipping status updates, invoice receipts and payment notifications.

Scammers take advantage of this extra volume of traffic and our feelings of goodwill to sneak in under our defences.

1. Fake Purchase Invoices

At this time of the year it can be confusing to remember which online stores you actually purchased items from. This creates a scenario where scammers can be more successful with attacks using fake purchase receipts. An unexpected receipt from Apple or eBay during most of the year would hopefully raise some red flags for most users, but during the prime time for holiday shopping, users are more susceptible to clicking those types of things. Victims can find themselves installing malware or landing on a phishing page if they aren’t cautious.

2. Shipping Status malware messages

Along the same lines as fake email receipt messages are fake shipping notifications which usually increase each year around the holidays. With so many online orders being shipped around users again might be more likely to click something they wouldn’t normally click. If you just placed an order that shipped via TOLL, and then you get a zipped virus with the vague wording about your recent order being delayed, you may be more likely to click it. Please don't!

3. Christmas Offer emails

This time of the year the inbox is going to be overflowing as the ecommerce retailers aim to tempt us into extra orders. Not all email flyers and sales are going to be legitimate. Some of the more well-known stores where you have previously shopped or signed up for newsletters will likely be OK and legitimate. But be cautious of unexpected deals or product promotions from stores or sellers you have never dealt with. There will be people trying to take advantage of buyers where the victim could be subject to phishing tactics or just stolen money for an order that will never come in.

4. Fun Holiday Downloads

The holidays are meant to be fun, and hackers are banking on that. Offers for screensavers, animations or other holiday-themed downloads pop up everywhere this time of year. Unfortunately, they can also be jam-packed with all kinds of nasty malware. So if you don’t want a horrible surprise that can only dampen your holiday spirit, be sure to download from sources you know are legitimate.

5. Giving to Charity

The giving spirit of the holidays is embodied by helping those less fortunate. The trick is making sure your contribution actually gets to whom it is intended and not criminals looking to profit from your generosity. The best way to avoid being scammed by charity fraudsters is to reach out personally to the particular charities to which you wish to give. Money or payment information you give to a total stranger or an unknown charity is at risk. So if a cause touches your heart, please do give – just don’t automatically trust social media posts, emails, phone calls or even that knock at the door. Ask questions and make an extra phone call.

6. Free Gift Card Surveys

Survey emails sent out promising some sort of money or gift card in exchange for completing a survey can end up being a scam. Often the surveys are very short and generic, but at the end they may ask for some personal information. This can be what the attackers are really after. By gathering this information, they can use it to further a more advanced phishing attack. Some may even directly ask you for bank details or credit card information promising you won’t lose money.

7. Delivery & Postal Parcel Notifications

No one is busier during the holidays than couriers and postal services. Of course, hackers know this too, and will be sending out lots of phishing emails disguised as notifications from popular courier delivery services and Australia Post. To stay safe, don’t click on any attachment or link you get in an email notifying you about a parcel. Legitimate emails will have a prominently displayed tracking number within the body of the email itself, not hidden in an attachment or behind a link. Even if you think it may be valid, don’t follow any suggested links, simply go to the site directly and enter the tracking number yourself. Also, don’t hesitate to call a company directly for assistance using the phone number on their site.

8. Holiday eCards

Be very cautious about following links contained in any egreetings, even if they look like they come from a familiar source. Many times hackers will push out malicious holiday greetings as spam to huge groups hoping to get an initial victim to open it by chance, and then attempt to steal contact lists or break into email accounts. Once hackers achieve this, they can push out more phising emails to friends and family making detection of the scam that much harder.

9. Holiday Job Offers

When the holidays roll around, many employers need additional help, which is a great thing with so many people looking for work. However, be especially suspicious of any job offer that seems too good to be true, like high paying “no experience necessary” or work-at-home jobs. Many times these types of offers will lead you to signup sites that are built just to gather your personal information. And if they want a payment of any kind to send you the information on the “guaranteed” job that’s being offered, forget it, it’s a scam.

10. 'Hard to Find' items still available

Every year there are some items that just sell out - whether its a PlayStation or a drone, Pokemon or trolls. So when a special offer shows up with that one special gift still in stock, proceed with caution. Following links or actually making online purchases based on these sorts of offers can lead to problems such as bait and switch or worse. Reputable retailers don’t need to advertise for incredibly popular items.

11. Smishing - all of the above but by text

Smishing texts employ the same tactics as phishing emails, but they come to your phone. Beware of any text asking for personal information, pin numbers, etc. Dual factor authorization – when an online company sends login information via a text is getting common, and this is another avenue for a hacker to lure unsuspecting targets into divulging their personal and/or account information. Treat texts with the same caution you should use on every email you receive.

Based in Sydney, Australia, VoicePlus has developed the Atrium Managed Mobility solution. Our customers include Coca-Cola Amatil, Downer, Citi, Compass, Hilton, Reserve Bank of Australia and many more.